CVE-2023-33730

CRITICAL

eScan Management Console 14.0.1400.2281 - Cleartext Transmission of Sensitive Information via GetUserCurrentPwd Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-33730. PoCs published by sahiloj.

AI-analyzed exploit summary: This repository documents a privilege escalation vulnerability (CVE-2023-33730) in eScan Management Console 14.0.1400.2281, where the 'GetUserCurrentPwd' function exposes user passwords in plaintext via a GET request parameter manipulation.

Description

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve the password of any admin or normal user in plain text format.

Exploits (1)

nomisec WRITEUP 1 stars
by sahiloj · poc
https://github.com/sahiloj/CVE-2023-33730


Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: eScan Management Console 14.0.1400.2281
Auth required
Prerequisites: Valid user credentials (any privilege level) · Access to the eScan Management Console
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0118
EPSS Percentile 63.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-319
Status published
Products (1)
escanav/escan_management_console 14.0.1400.2281
Published May 31, 2023
Tracked Since Feb 18, 2026